I was taking it back to basics to see why it wasn't working.
This is the one I am intending to use, which only allows certain files.
But the same problems remains. On the live version, we'd use PDO for the INSERT.
Code: Select all
if ($update == "addavatar") {
$avatar=$_POST['avatar'];
error_reporting(0);
$change="";
$abc="";
define ("MAX_SIZE","400");
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$errors=0;
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$image =$_FILES["avatar"]["name"];
$uploadedfile = $_FILES['avatar']['tmp_name'];
if ($image)
{
$filename = stripslashes($_FILES['avatar']['name']);
$extension = getExtension($_FILES['avatar']['name']);
$extension = strtolower($extension);
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
$change='<div class="msgdiv">Unknown Image extension </div> ';
$errors=1;
}
else
{
$size=filesize($_FILES['avatar']['tmp_name']);
if ($size > MAX_SIZE*1024)
{
$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
$errors=1;
}
if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['avatar']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);
}
else if($extension=="png")
{
$uploadedfile = $_FILES['avatar']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);
}
else
{
$src = imagecreatefromgif($uploadedfile);
}
echo $scr;
list($width,$height)=getimagesize($uploadedfile);
$tmp=imagecreatetruecolor($width,$height);
$newwidth=550;
$newheight=($height/$width)*$newwidth1;
$tmp=imagecreatetruecolor($newwidth1,$newheight1);
imagecopyresampled($tmp,$src,0,0,0,0,$width,$height,$width,$height);
$pic=($_FILES['avatar']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/avatars/". $newname;
imagejpeg($tmp,$filename,100);
imagedestroy($src);
imagedestroy($tmp);
}}
}
$result = mysql_query ("SELECT avatar FROM admin WHERE id = '$userid'");
while ($row = mysql_fetch_object($result))
{
mysql_query("UPDATE admin SET avatar = '$newname' where id = '$userid'");
}
//Writes the photo to the server
if(move_uploaded_file($_FILES['avatar']['tmp_name'], $target))
{
echo "<div class='admincompletedbox' style='margin-top: 5px'>
<b>Primary photo has been added.</b></div>";
}
}